services.xray: allow to specify noproxy ports

2024-06-01 00:41:42 +08:00
parent 9f27c9dbc9
commit 215dbe7669
6 changed files with 25 additions and 4 deletions


@@ -295,6 +295,7 @@ inputs:
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ 80 443 ];
sops.secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; };
systemd.services.nginx.serviceConfig =
{


@@ -20,7 +20,10 @@ inputs:
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
};
sops.secrets."store/signingKey" = {};
nixos.services.nginx =
{ enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
nixos.services =
{
nginx = { enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
xray.client.v2ray-forwarder.noproxyTcpPorts = [ 5000 ];
};
};
}


@@ -63,5 +63,10 @@ inputs:
(attrsToList samba.shares));
};
};
nixos.services.xray.client.v2ray-forwarder =
{
noproxyTcpPorts = [ 139 445 ];
noproxyUdpPorts = [ 137 138 ];
};
};
}


@@ -23,6 +23,7 @@ inputs:
UsePAM = true;
};
};
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ 22 ];
# generate from https://patorjk.com/software/taag with font "BlurVision ASCII"
# generate using `toilet -f wideterm -F border "InAlGaN / SiC"`
# somehow lolcat could not run with these characters, use rendered directly


@@ -10,7 +10,6 @@ inputs:
{
serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; };
serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
};
dnsmasq =
{
@@ -21,6 +20,12 @@ inputs:
};
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
v2ray-forwarder =
{
noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
noproxyTcpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
noproxyUdpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
};
};});
default = null;
};
@@ -253,6 +258,11 @@ inputs:
"${iptables} -t mangle -N v2ray -w"
"${iptables} -t mangle -A PREROUTING -j v2ray -w"
]
++ (map (port: "${ipset} add noproxy_port ${port}")
(with xray.client.v2ray-forwarder;
(map (port: "tcp:${toString port}") noproxyTcpPorts)
++ (map (port: "udp:${toString port}") noproxyUdpPorts))
)
++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
[
"-m set --match-set noproxy_src_net src -j RETURN"
@@ -276,7 +286,7 @@ inputs:
(user:
let uid = inputs.config.nixos.user.uid.${user};
in "-m owner --uid-owner ${toString uid} -j RETURN")
(xray.client.xray.noproxyUsers ++ [ "v2ray" ]))
(xray.client.v2ray-forwarder.noproxyUsers ++ [ "v2ray" ]))
++ [
"-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set noproxy_net dst -j RETURN"
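Review bot: The `${ipset} add noproxy_port ${port}` commands added in the `++ (map (port: ...)` hunk have no visible `ipset create noproxy_port` and no `-m set --match-set noproxy_port ... -j RETURN` rule in the v2ray chain anywhere in these hunks; if neither exists elsewhere in the file, the adds fail at service start and none of the ports the other five files configure actually bypass the proxy, so please confirm the set is created with a type that accepts `proto:port` entries and that the chain matches it. NixOS concatenates `listOf` options across modules, so the same port declared in two modules yields a duplicate `add`, which ipset rejects without `-exist`; `"${ipset} add noproxy_port ${port} -exist"` keeps the command idempotent, also across restarts if the set persists. The new `noproxyTcpPorts`/`noproxyUdpPorts` options carry no `description`; a one-liner stating whether they are destination or source ports, e.g. `description = "TCP ports whose traffic is excluded from the v2ray transparent proxy.";`, with matching UDP wording, would make the bypass semantics explicit to callers. The enclosing list expression starts and ends outside the hunk.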


@@ -17,6 +17,7 @@ inputs:
openFirewall = true;
defaultWindowManager = "${inputs.pkgs.plasma-workspace}/bin/startplasma-x11";
};
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ xrdp.port ];
}
(
inputs.lib.mkIf (xrdp.hostname != null)
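Review bot: `nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ xrdp.port ];` is set unconditionally, while the block that follows is guarded by `inputs.lib.mkIf (xrdp.hostname != null)`; if the xrdp module's `port` option can be null (not visible here), `[ xrdp.port ]` fails the `listOf ints.unsigned` type check and the whole configuration refuses to evaluate. If that is the case, `noproxyTcpPorts = inputs.lib.optional (xrdp.port != null) xrdp.port;` keeps the bypass tied to an actual port. The enclosing attribute set continues past the hunk.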